HADOOP-13565. KerberosAuthenticationHandler#authenticate should not rebuild SPN based on client request. Contributed by Xiaoyu Yao.
(cherry picked from commit 9097e2efe4
)
This commit is contained in:
parent
b60e545a08
commit
874402a295
|
@ -343,8 +343,6 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
|||
authorization = authorization.substring(KerberosAuthenticator.NEGOTIATE.length()).trim();
|
||||
final Base64 base64 = new Base64(0);
|
||||
final byte[] clientToken = base64.decode(authorization);
|
||||
final String serverName = InetAddress.getByName(request.getServerName())
|
||||
.getCanonicalHostName();
|
||||
try {
|
||||
token = Subject.doAs(serverSubject, new PrivilegedExceptionAction<AuthenticationToken>() {
|
||||
|
||||
|
@ -354,10 +352,7 @@ public class KerberosAuthenticationHandler implements AuthenticationHandler {
|
|||
GSSContext gssContext = null;
|
||||
GSSCredential gssCreds = null;
|
||||
try {
|
||||
gssCreds = gssManager.createCredential(
|
||||
gssManager.createName(
|
||||
KerberosUtil.getServicePrincipal("HTTP", serverName),
|
||||
KerberosUtil.getOidInstance("NT_GSS_KRB5_PRINCIPAL")),
|
||||
gssCreds = gssManager.createCredential(null,
|
||||
GSSCredential.INDEFINITE_LIFETIME,
|
||||
new Oid[]{
|
||||
KerberosUtil.getOidInstance("GSS_SPNEGO_MECH_OID"),
|
||||
|
|
Loading…
Reference in New Issue